Add_protected_object(full_path_name)

  1. Get object fid for full_path_name.
  2. Using the obtained fid as a key, store a record of the fid and its
     associated file path_name into a fid to PON mapping database.
  End

Access Check For PON (access name)

  1. Get object fid for accessName.
  2. Search the Fid to PON mapping database for a fid match using the
     obtained fid. If a fid match is found the associated PON is returned.
  3. PON found?
       No:  Allow access to proceed.
       Yes: Call access decision component to obtain access decision for
            PON providing access conditions.
  4. Access denied?
       Yes: Deny resource access.
       No:  Allow access to proceed.



Find PON (object Fid)

  1. Process fid into a search hash bucket to search for a fid match.
  2. Find entry for each fid in the search list.
  3. Does object Fid match current entry in search list?
       Yes: Return PON in entry.
       No:  Get next entry in list.
  4. End of search list?
       Yes: Done, return no PON found.
       No:  Compare the next entry (step 3).

Reference numerals: 26, 27, 28

FIG. 3




AUS920010163US1 



Get Object Fid (file_path_name)

  1. Get an underlying object data pointer such as a vnode or inode using
     the OS lookupname() service with the file_path_name as input.
  2. Using the obtained vnode get the object's fid using the VOP_FID()
     service.
  3. Return obtained fid.

Reference numerals: 30, 31, 32, 33

FIG. 4






Get Pseudo Object Fid (file_path_name)

  1. Get an underlying object data pointer such as a vnode or inode using
     the OS lookupname() service with the file_path_name as input. Also
     use feature of lookupname() call to get object's parent directory
     vnode.
  2. Get inode index number from vnode or use getattr() system service to
     get POSIX serial number of vnode.
  3. Open directory for parent vnode to read directory entries.
  4. Read directory entry to get entry's POSIX serial number or inode
     index.
  5. Is entry's inode or serial number equal to object's inode or serial
     number?
       No:  Set to next entry. End of entries?
              Yes: Done, can't gen a fid.
              No:  Read the next directory entry (step 4).
       Yes: Get entry name and name length.
  6. Put serial number at start of fid bytes.
  7. Append name length and name to fid bytes.
  8. Set fid length to name length + data size of serial number value +
     data size of name length value.
  9. Done, return generated fid.

Example High Level Architecture Relationship between an External Authorization Manager
and the Described Fid Association and Recognition Mechanism

  Master Policy Database for PON's

  Master Policy Database Manager

  Authorization (AZN) Decision Engine

  Enforcement System

  Fid to PON Mapping Database
    - created FID to PON mappings
    - service FID to PON requests

  Operation Interceptor:
    - intercept application calls
    - obtain fid for accessed resource
    - look for PON
    - if (PON)
        get AZN decision for
        (deny/grant) enforce decision

  Native Operating Systems Services
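
The Add_protected_object, Get Object Fid, Find PON and Access Check flows above, as an added example that is not taken from the original document: it shows why keying the policy lookup on the object's fid rather than on the name used to reach it makes a hard link or symbolic link to a protected file resolve to the same PON. Assumptions: the (st_dev, st_ino) pair from os.stat() is a user-space stand-in for the fid returned by lookupname() and VOP_FID(), and N_BUCKETS, the FidPonMap class, the file names and the deny_all policy are hypothetical.

```python
import os
import tempfile

N_BUCKETS = 64  # assumed table size; the document does not give one


def get_object_fid(path):
    """Stand-in for lookupname() + VOP_FID(): identify the object, not the name."""
    st = os.stat(path)  # follows symbolic links, like a full path lookup
    return (st.st_dev, st.st_ino)


class FidPonMap:
    def __init__(self):
        self.buckets = [[] for _ in range(N_BUCKETS)]

    def add_protected_object(self, full_path_name):
        fid = get_object_fid(full_path_name)
        # The fid is the key; the path name is stored as the PON.
        self.buckets[hash(fid) % N_BUCKETS].append((fid, full_path_name))

    def find_pon(self, fid):
        for entry_fid, pon in self.buckets[hash(fid) % N_BUCKETS]:
            if entry_fid == fid:
                return pon
        return None  # end of search list: no PON found

    def access_check(self, access_name, decide):
        pon = self.find_pon(get_object_fid(access_name))
        if pon is None:
            return True  # not a protected object: allow access to proceed
        return decide(pon)  # access decision component: True means grant


def demo():
    """Constructed scenario: one protected file reached through three names."""
    with tempfile.TemporaryDirectory() as d:
        secret, other = os.path.join(d, "payroll.db"), os.path.join(d, "notes.txt")
        for p in (secret, other):
            with open(p, "w") as f:
                f.write("x")
        hard, soft = os.path.join(d, "alias"), os.path.join(d, "link")
        os.link(secret, hard)      # second directory entry for the same inode
        os.symlink(secret, soft)   # different name that resolves to the same object
        fmap = FidPonMap()
        fmap.add_protected_object(secret)
        deny_all = lambda pon: False  # hypothetical policy: deny every PON
        names = (("secret", secret), ("hard", hard), ("soft", soft), ("other", other))
        return {name: fmap.access_check(p, deny_all) for name, p in names}
```

A check keyed on the path string would have matched only the first of the three names; here all three are denied and the unprotected file is allowed.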